Ejemplo n.º 1
0
        public AsymmetricAlgorithm DecodePublicKey(Oid oid, byte[] encodedKeyValue, byte[] encodedParameters, ICertificatePal certificatePal)
        {
            if (oid.Value == Oids.Ecc)
            {
                return(DecodeECDsaPublicKey((CertificatePal)certificatePal));
            }

            int algId = OidInfo.FindOidInfo(CryptOidInfoKeyType.CRYPT_OID_INFO_OID_KEY, oid.Value, OidGroup.PublicKeyAlgorithm, fallBackToAllGroups: true).AlgId;

            switch (algId)
            {
            case AlgId.CALG_RSA_KEYX:
            case AlgId.CALG_RSA_SIGN:
            {
                byte[] keyBlob = DecodeKeyBlob(CryptDecodeObjectStructType.CNG_RSA_PUBLIC_KEY_BLOB, encodedKeyValue);
                CngKey cngKey  = CngKey.Import(keyBlob, CngKeyBlobFormat.GenericPublicBlob);
                return(new RSACng(cngKey));
            }

#if !NETNATIVE
            case AlgId.CALG_DSS_SIGN:
            {
                byte[] keyBlob = ConstructDSSPublicKeyCspBlob(encodedKeyValue, encodedParameters);
                DSACryptoServiceProvider dsa = new DSACryptoServiceProvider();
                dsa.ImportCspBlob(keyBlob);
                return(dsa);
            }
#endif

            default:
                throw new NotSupportedException(SR.NotSupported_KeyAlgorithm);
            }
        }
Ejemplo n.º 2
0
        private static IDictionary <OidInfo, ObjectTypeInfo> ParseObjTypesRegexResults(MatchCollection regexResults)
        {
            var parsedObjTypes = new Dictionary <OidInfo, ObjectTypeInfo>();

            foreach (Match match in regexResults)
            {
                string name             = match.Groups[OtNameGrp].Value;
                string parentExpression = match.Groups[OtParentGrp].Value;
                string otSpecification  = match.Groups[OtSpecificationGrp].Value;
                long   sibllingNo       = long.Parse(match.Groups[OtSiblingNoGrp].Value);

                var oid = new OidInfo()
                {
                    Name             = name,
                    SiblingNo        = sibllingNo,
                    ParentExpression = parentExpression
                };

                ObjectTypeInfo parsedType = ParseObjectTypeFromSpecification(otSpecification);

                parsedObjTypes.Add(oid, parsedType);
            }

            return(parsedObjTypes);
        }
Ejemplo n.º 3
0
        public AsymmetricAlgorithm DecodePublicKey(Oid oid, byte[] encodedKeyValue, byte[] encodedParameters)
        {
            int algId = OidInfo.FindOidInfo(CryptOidInfoKeyType.CRYPT_OID_INFO_OID_KEY, oid.Value, OidGroup.PublicKeyAlgorithm, fallBackToAllGroups: true).AlgId;

            switch (algId)
            {
            case AlgId.CALG_RSA_KEYX:
            case AlgId.CALG_RSA_SIGN:
            {
                byte[] keyBlob = DecodeKeyBlob(CryptDecodeObjectStructType.RSA_CSP_PUBLICKEYBLOB, encodedKeyValue);
                RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
                rsa.ImportCspBlob(keyBlob);
                return(rsa);
            }

            case AlgId.CALG_DSS_SIGN:
            {
                byte[] keyBlob = ConstructDSSPublicKeyCspBlob(encodedKeyValue, encodedParameters);
                DSACryptoServiceProvider dsa = new DSACryptoServiceProvider();
                dsa.ImportCspBlob(keyBlob);
                return(dsa);
            }

            default:
                throw new NotSupportedException(SR.NotSupported_KeyAlgorithm);
            }
        }
Ejemplo n.º 4
0
 private ClassInfo()
 {
     _attributes = null;
     _original = new CommittedCIZoneInfo();
     _committed = new CommittedCIZoneInfo();
     _uncommitted = new CIZoneInfo();
     _oidInfo = new OidInfo();
     Position = -1;
     MaxAttributeId = -1;
     _attributesCache = new AttributesCache();
 }
Ejemplo n.º 5
0
        private static String ConfirmedOidValue(Object findValue, OidGroup oidGroup)
        {
            String input    = ConfirmedCast <String>(findValue);
            String oidValue = OidInfo.FindOidInfo(CryptOidInfoKeyType.CRYPT_OID_INFO_NAME_KEY, input, oidGroup, fallBackToAllGroups: true).OID;

            if (oidValue == null)
            {
                oidValue = input;
                ValidateOidValue(oidValue);
            }
            return(oidValue);
        }
Ejemplo n.º 6
0
        public string NormalizeOid(string maybeOid, OidGroup expectedGroup)
        {
            string oidValue = OidInfo.FindOidInfo(CryptOidInfoKeyType.CRYPT_OID_INFO_NAME_KEY, maybeOid, expectedGroup, fallBackToAllGroups: true).OID;

            if (oidValue == null)
            {
                oidValue = maybeOid;
                ValidateOidValue(oidValue);
            }

            return(oidValue);
        }
Ejemplo n.º 7
0
        //
        // GET: /Oid/
        public ActionResult View(String id)
        {
            OidInfo model = new OidInfo();

            try
            {
                // Client to the CR admin interface
                ClientRegistryAdminService.ClientRegistryAdminInterfaceClient client = new ClientRegistryAdminService.ClientRegistryAdminInterfaceClient();

                model = client.GetOids().Where(o => o.oid == id).First();
            }
            catch (Exception e)
            {
                Trace.TraceError(e.ToString());
            }

            return(View(model));
        }
Ejemplo n.º 8
0
        /// <summary>
        /// Get the ALG_ID from the given HashAlgorithmName
        /// </summary>
        internal static Interop.BCrypt.ECC_CURVE_ALG_ID_ENUM GetHashAlgorithmId(HashAlgorithmName?name)
        {
            if (name.HasValue == false || string.IsNullOrEmpty(name.Value.Name))
            {
                return(Interop.BCrypt.ECC_CURVE_ALG_ID_ENUM.BCRYPT_NO_CURVE_GENERATION_ALG_ID);
            }

            CRYPT_OID_INFO oid = OidInfo.FindOidInfo(
                CryptOidInfoKeyType.CRYPT_OID_INFO_NAME_KEY,
                name.Value.Name,
                OidGroup.HashAlgorithm,
                false);

            if (oid.AlgId == -1)
            {
                throw new CryptographicException(SR.Cryptography_UnknownHashAlgorithm, name.Value.Name);
            }

            return((Interop.BCrypt.ECC_CURVE_ALG_ID_ENUM)oid.AlgId);
        }
Ejemplo n.º 9
0
        private StorePal CreatedLinkedStoreWithFindResults(X509FindType findType, Object findValue, bool validOnly)
        {
            unsafe
            {
                switch (findType)
                {
                case X509FindType.FindByThumbprint:
                {
                    byte[] thumbPrint = ConfirmedCast <String>(findValue).DecodeHexString();
                    fixed(byte *pThumbPrint = thumbPrint)
                    {
                        CRYPTOAPI_BLOB blob = new CRYPTOAPI_BLOB(thumbPrint.Length, pThumbPrint);

                        return(FindCore(CertFindType.CERT_FIND_HASH, &blob, validOnly));
                    }
                }

                case X509FindType.FindBySubjectName:
                {
                    String subjectName = ConfirmedCast <String>(findValue);
                    fixed(char *pSubjectName = subjectName)
                    {
                        return(FindCore(CertFindType.CERT_FIND_SUBJECT_STR, pSubjectName, validOnly));
                    }
                }

                case X509FindType.FindBySubjectDistinguishedName:
                {
                    String subjectDistinguishedName = ConfirmedCast <String>(findValue);
                    return(FindCore(validOnly,
                                    delegate(SafeCertContextHandle pCertContext)
                        {
                            String actual = GetCertNameInfo(pCertContext, CertNameType.CERT_NAME_RDN_TYPE, CertNameFlags.None);
                            return subjectDistinguishedName.Equals(actual, StringComparison.OrdinalIgnoreCase);
                        }
                                    ));
                }

                case X509FindType.FindByIssuerName:
                {
                    String issuerName = ConfirmedCast <String>(findValue);
                    fixed(char *pIssuerName = issuerName)
                    {
                        return(FindCore(CertFindType.CERT_FIND_ISSUER_STR, pIssuerName, validOnly));
                    }
                }

                case X509FindType.FindByIssuerDistinguishedName:
                {
                    String issuerDistinguishedName = ConfirmedCast <String>(findValue);
                    return(FindCore(validOnly,
                                    delegate(SafeCertContextHandle pCertContext)
                        {
                            String actual = GetCertNameInfo(pCertContext, CertNameType.CERT_NAME_RDN_TYPE, CertNameFlags.CERT_NAME_ISSUER_FLAG);
                            return issuerDistinguishedName.Equals(actual, StringComparison.OrdinalIgnoreCase);
                        }
                                    ));
                }

                case X509FindType.FindBySerialNumber:
                {
                    String decimalOrHexString = ConfirmedCast <String>(findValue);

                    // FindBySerialNumber allows the input format to be either in hex or decimal. Since we can't know which one was intended,
                    // it compares against both interpretations and treats a match of either as a successful find.

                    byte[] hexBytes = decimalOrHexString.DecodeHexString();
                    Array.Reverse(hexBytes);           // String is big-endian, BigInteger constructor requires little-endian.
                    BigInteger expected1 = PositiveBigIntegerFromByteArray(hexBytes);

                    BigInteger ten       = new BigInteger(10);
                    BigInteger expected2 = BigInteger.Zero;
                    foreach (char c in decimalOrHexString)
                    {
                        if (c >= '0' && c <= '9')
                        {
                            expected2 = BigInteger.Multiply(expected2, ten);
                            expected2 = BigInteger.Add(expected2, c - '0');
                        }
                    }

                    return(FindCore(validOnly,
                                    delegate(SafeCertContextHandle pCertContext)
                        {
                            byte[] actual = pCertContext.CertContext->pCertInfo->SerialNumber.ToByteArray();
                            BigInteger actualAsBigInteger = PositiveBigIntegerFromByteArray(actual);           // Convert to BigInteger as the comparison must not fail due to spurious leading zeros
                            GC.KeepAlive(pCertContext);
                            return expected1.Equals(actualAsBigInteger) || expected2.Equals(actualAsBigInteger);
                        }
                                    ));
                }

                case X509FindType.FindByTimeValid:
                {
                    DateTime dateTime = ConfirmedCast <DateTime>(findValue);
                    FILETIME fileTime = FILETIME.FromDateTime(dateTime);
                    return(FindCore(validOnly,
                                    delegate(SafeCertContextHandle pCertContext)
                        {
                            int comparison = Interop.crypt32.CertVerifyTimeValidity(ref fileTime, pCertContext.CertContext->pCertInfo);
                            GC.KeepAlive(pCertContext);
                            return comparison == 0;
                        }
                                    ));
                }

                case X509FindType.FindByTimeNotYetValid:
                {
                    DateTime dateTime = ConfirmedCast <DateTime>(findValue);
                    FILETIME fileTime = FILETIME.FromDateTime(dateTime);
                    return(FindCore(validOnly,
                                    delegate(SafeCertContextHandle pCertContext)
                        {
                            int comparison = Interop.crypt32.CertVerifyTimeValidity(ref fileTime, pCertContext.CertContext->pCertInfo);
                            GC.KeepAlive(pCertContext);
                            return comparison == -1;
                        }
                                    ));
                }

                case X509FindType.FindByTimeExpired:
                {
                    DateTime dateTime = ConfirmedCast <DateTime>(findValue);
                    FILETIME fileTime = FILETIME.FromDateTime(dateTime);
                    return(FindCore(validOnly,
                                    delegate(SafeCertContextHandle pCertContext)
                        {
                            int comparison = Interop.crypt32.CertVerifyTimeValidity(ref fileTime, pCertContext.CertContext->pCertInfo);
                            GC.KeepAlive(pCertContext);
                            return comparison == 1;
                        }
                                    ));
                }

                case X509FindType.FindByTemplateName:
                {
                    String expected = ConfirmedCast <String>(findValue);
                    return(FindCore(validOnly,
                                    delegate(SafeCertContextHandle pCertContext)
                        {
                            // The template name can have 2 different formats: V1 format (<= Win2K) is just a string
                            // V2 format (XP only) can be a friendly name or an OID.
                            // An example of Template Name can be "ClientAuth".

                            bool foundMatch = false;
                            CERT_INFO *pCertInfo = pCertContext.CertContext->pCertInfo;
                            {
                                CERT_EXTENSION *pV1Template = Interop.crypt32.CertFindExtension(Oids.EnrollCertTypeExtension, pCertInfo->cExtension, pCertInfo->rgExtension);
                                if (pV1Template != null)
                                {
                                    byte[] extensionRawData = pV1Template->Value.ToByteArray();
                                    if (!extensionRawData.DecodeObjectNoThrow(
                                            CryptDecodeObjectStructType.X509_UNICODE_ANY_STRING,
                                            delegate(void *pvDecoded)
                                    {
                                        CERT_NAME_VALUE *pNameValue = (CERT_NAME_VALUE *)pvDecoded;
                                        String actual = Marshal.PtrToStringUni(new IntPtr(pNameValue->Value.pbData));
                                        if (expected.Equals(actual, StringComparison.OrdinalIgnoreCase))
                                        {
                                            foundMatch = true;
                                        }
                                    }))
                                    {
                                        return false;
                                    }
                                }
                            }

                            if (!foundMatch)
                            {
                                CERT_EXTENSION *pV2Template = Interop.crypt32.CertFindExtension(Oids.CertificateTemplate, pCertInfo->cExtension, pCertInfo->rgExtension);
                                if (pV2Template != null)
                                {
                                    byte[] extensionRawData = pV2Template->Value.ToByteArray();
                                    if (!extensionRawData.DecodeObjectNoThrow(
                                            CryptDecodeObjectStructType.X509_CERTIFICATE_TEMPLATE,
                                            delegate(void *pvDecoded)
                                    {
                                        CERT_TEMPLATE_EXT *pTemplateExt = (CERT_TEMPLATE_EXT *)pvDecoded;
                                        String actual = Marshal.PtrToStringAnsi(pTemplateExt->pszObjId);
                                        String expectedOidValue = OidInfo.FindOidInfo(CryptOidInfoKeyType.CRYPT_OID_INFO_NAME_KEY, expected, OidGroup.Template, fallBackToAllGroups: true).OID;
                                        if (expectedOidValue == null)
                                        {
                                            expectedOidValue = expected;
                                        }
                                        if (expected.Equals(actual, StringComparison.OrdinalIgnoreCase))
                                        {
                                            foundMatch = true;
                                        }
                                    }))
                                    {
                                        return false;
                                    }
                                }
                            }

                            GC.KeepAlive(pCertContext);
                            return foundMatch;
                        }));
                }

                case X509FindType.FindByApplicationPolicy:
                {
                    String expected = ConfirmedOidValue(findValue, OidGroup.Policy);
                    return(FindCore(validOnly,
                                    delegate(SafeCertContextHandle pCertContext)
                        {
                            int numOids;
                            int cbData = 0;
                            if (!Interop.crypt32.CertGetValidUsages(1, ref pCertContext, out numOids, null, ref cbData))
                            {
                                return false;
                            }

                            // -1 means the certificate is good for all usages.
                            if (numOids == -1)
                            {
                                return true;
                            }

                            fixed(byte *pOidsPointer = new byte[cbData])
                            {
                                if (!Interop.crypt32.CertGetValidUsages(1, ref pCertContext, out numOids, pOidsPointer, ref cbData))
                                {
                                    return false;
                                }

                                IntPtr *pOids = (IntPtr *)pOidsPointer;
                                for (int i = 0; i < numOids; i++)
                                {
                                    String actual = Marshal.PtrToStringAnsi(pOids[i]);
                                    if (expected.Equals(actual, StringComparison.OrdinalIgnoreCase))
                                    {
                                        return true;
                                    }
                                }
                                return false;
                            }
                        }
                                    ));
                }

                case X509FindType.FindByCertificatePolicy:
                {
                    String expected = ConfirmedOidValue(findValue, OidGroup.Policy);
                    return(FindCore(validOnly,
                                    delegate(SafeCertContextHandle pCertContext)
                        {
                            CERT_INFO *pCertInfo = pCertContext.CertContext->pCertInfo;
                            CERT_EXTENSION *pCertExtension = Interop.crypt32.CertFindExtension(Oids.CertPolicies, pCertInfo->cExtension, pCertInfo->rgExtension);
                            if (pCertExtension == null)
                            {
                                return false;
                            }

                            bool foundMatch = false;
                            byte[] extensionRawData = pCertExtension->Value.ToByteArray();
                            if (!extensionRawData.DecodeObjectNoThrow(
                                    CryptDecodeObjectStructType.X509_CERT_POLICIES,
                                    delegate(void *pvDecoded)
                            {
                                CERT_POLICIES_INFO *pCertPoliciesInfo = (CERT_POLICIES_INFO *)pvDecoded;
                                for (int i = 0; i < pCertPoliciesInfo->cPolicyInfo; i++)
                                {
                                    CERT_POLICY_INFO *pCertPolicyInfo = &(pCertPoliciesInfo->rgPolicyInfo[i]);
                                    String actual = Marshal.PtrToStringAnsi(pCertPolicyInfo->pszPolicyIdentifier);
                                    if (expected.Equals(actual, StringComparison.OrdinalIgnoreCase))
                                    {
                                        foundMatch = true;
                                        break;
                                    }
                                }
                            }
                                    ))
                            {
                                return false;
                            }

                            GC.KeepAlive(pCertContext);
                            return foundMatch;
                        }
                                    ));
                }

                case X509FindType.FindByExtension:
                {
                    String oidValue = ConfirmedOidValue(findValue, OidGroup.ExtensionOrAttribute);
                    return(FindCore(validOnly,
                                    delegate(SafeCertContextHandle pCertContext)
                        {
                            CERT_INFO *pCertInfo = pCertContext.CertContext->pCertInfo;
                            CERT_EXTENSION *pCertExtension = Interop.crypt32.CertFindExtension(oidValue, pCertInfo->cExtension, pCertInfo->rgExtension);
                            GC.KeepAlive(pCertContext);
                            return pCertExtension != null;
                        }
                                    ));
                }

                case X509FindType.FindByKeyUsage:
                {
                    X509KeyUsageFlags expected = ConfirmedX509KeyUsage(findValue);
                    return(FindCore(validOnly,
                                    delegate(SafeCertContextHandle pCertContext)
                        {
                            CERT_INFO *pCertInfo = pCertContext.CertContext->pCertInfo;
                            X509KeyUsageFlags actual;
                            if (!Interop.crypt32.CertGetIntendedKeyUsage(CertEncodingType.All, pCertInfo, out actual, sizeof(X509KeyUsageFlags)))
                            {
                                return true;          // no key usage means it is valid for all key usages.
                            }
                            GC.KeepAlive(pCertContext);
                            return (actual & expected) == expected;
                        }
                                    ));
                }

                case X509FindType.FindBySubjectKeyIdentifier:
                {
                    byte[] expected = ConfirmedCast <String>(findValue).DecodeHexString();
                    return(FindCore(validOnly,
                                    delegate(SafeCertContextHandle pCertContext)
                        {
                            int cbData = 0;
                            if (!Interop.crypt32.CertGetCertificateContextProperty(pCertContext, CertContextPropId.CERT_KEY_IDENTIFIER_PROP_ID, null, ref cbData))
                            {
                                return false;
                            }

                            byte[] actual = new byte[cbData];
                            if (!Interop.crypt32.CertGetCertificateContextProperty(pCertContext, CertContextPropId.CERT_KEY_IDENTIFIER_PROP_ID, actual, ref cbData))
                            {
                                return false;
                            }

                            return expected.ContentsEqual(actual);
                        }
                                    ));
                }

                default:
                    throw new CryptographicException(SR.Cryptography_X509_InvalidFindType);
                }
            }
        }
Ejemplo n.º 10
0
        private static string NativeFriendlyNameToOid(string friendlyName, OidGroup oidGroup, bool fallBackToAllGroups)
        {
            CRYPT_OID_INFO oidInfo = OidInfo.FindOidInfo(CryptOidInfoKeyType.CRYPT_OID_INFO_NAME_KEY, friendlyName, oidGroup, fallBackToAllGroups);

            return(oidInfo.OID);
        }
Ejemplo n.º 11
0
        private static string NativeOidToFriendlyName(string oid, OidGroup oidGroup, bool fallBackToAllGroups)
        {
            CRYPT_OID_INFO oidInfo = OidInfo.FindOidInfo(CryptOidInfoKeyType.CRYPT_OID_INFO_OID_KEY, oid, oidGroup, fallBackToAllGroups);

            return(oidInfo.Name);
        }
Ejemplo n.º 12
0
        /// <summary>
        /// Returns (AlgId)(-1) if oid is unknown.
        /// </summary>
        public static AlgId ToAlgId(this string oidValue)
        {
            CRYPT_OID_INFO info = OidInfo.FindOidInfo(CryptOidInfoKeyType.CRYPT_OID_INFO_OID_KEY, oidValue, OidGroup.All, false);

            return((AlgId)(info.AlgId));
        }
Ejemplo n.º 13
0
        public unsafe void FindByTemplateName(string templateName)
        {
            FindCore(
                delegate(SafeCertContextHandle pCertContext)
            {
                // The template name can have 2 different formats: V1 format (<= Win2K) is just a string
                // V2 format (XP only) can be a friendly name or an OID.
                // An example of Template Name can be "ClientAuth".

                bool foundMatch      = false;
                CERT_INFO *pCertInfo = pCertContext.CertContext->pCertInfo;
                {
                    CERT_EXTENSION *pV1Template = Interop.crypt32.CertFindExtension(Oids.EnrollCertTypeExtension,
                                                                                    pCertInfo->cExtension, pCertInfo->rgExtension);
                    if (pV1Template != null)
                    {
                        byte[] extensionRawData = pV1Template->Value.ToByteArray();
                        if (!extensionRawData.DecodeObjectNoThrow(
                                CryptDecodeObjectStructType.X509_UNICODE_ANY_STRING,
                                delegate(void *pvDecoded)
                        {
                            CERT_NAME_VALUE *pNameValue = (CERT_NAME_VALUE *)pvDecoded;
                            string actual = Marshal.PtrToStringUni(new IntPtr(pNameValue->Value.pbData));
                            if (templateName.Equals(actual, StringComparison.OrdinalIgnoreCase))
                            {
                                foundMatch = true;
                            }
                        }))
                        {
                            return(false);
                        }
                    }
                }

                if (!foundMatch)
                {
                    CERT_EXTENSION *pV2Template = Interop.crypt32.CertFindExtension(Oids.CertificateTemplate,
                                                                                    pCertInfo->cExtension, pCertInfo->rgExtension);
                    if (pV2Template != null)
                    {
                        byte[] extensionRawData = pV2Template->Value.ToByteArray();
                        if (!extensionRawData.DecodeObjectNoThrow(
                                CryptDecodeObjectStructType.X509_CERTIFICATE_TEMPLATE,
                                delegate(void *pvDecoded)
                        {
                            CERT_TEMPLATE_EXT *pTemplateExt = (CERT_TEMPLATE_EXT *)pvDecoded;
                            string actual = Marshal.PtrToStringAnsi(pTemplateExt->pszObjId);
                            string expectedOidValue =
                                OidInfo.FindOidInfo(CryptOidInfoKeyType.CRYPT_OID_INFO_NAME_KEY, templateName,
                                                    OidGroup.Template, fallBackToAllGroups: true).OID;
                            if (expectedOidValue == null)
                            {
                                expectedOidValue = templateName;
                            }
                            if (expectedOidValue.Equals(actual, StringComparison.OrdinalIgnoreCase))
                            {
                                foundMatch = true;
                            }
                        }))
                        {
                            return(false);
                        }
                    }
                }

                GC.KeepAlive(pCertContext);
                return(foundMatch);
            });
        }